Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Created DateUpdated DateAffects versionFix Version

 




Description

By default, the Blancco LUN Eraser software does not check the Blancco Management Console's certificate validity when connecting with using HTTPS. If additional security is needed then certificate verification can be enabled.

When the certificate validity is checked then the Blancco Management Console hostname must match that in the certificate and the certificate's signer must be trusted. If either of those two conditions are not met you get following will see the below error code. In this case, the Blancco Management Console's address is in address 192.168.1.1.


Info
Could not initiate secure connection to 192.168.1.1
 
Verify that your operating systems security certificates are up to date.
 
Refer to manual or support.blancco.com for setting custom certificate location.

Step-by-step guide

Certificate check The verification of the certificate can be toggled enabled in the LUN Eraser configuration file with using the option "VerifyMCCert". Value  Changing the value to 1 enables the verification and value 0 disables it (default).


Info
iconfalse
titleEnable certificate verification

VerifyMCCert = "1"

In some cases, the certificate's signer is not trusted. , This can happen for example if the environment running Blancco LUN Eraser is not updated or the Blancco Management Console certificate is self-signed. In this case, you need to add the certificate signer to a list of trusted signers. This can be done by either placing the certificate file to one of the default locations /etc/ssl/certs and /etc/pki/tls/certs/ca-bundle.crt or to a custom location.

Custom The custom certificate location can be dedfined with option MCCertPathdefined using the "MCCertPath" option within the configuration file. In the following example, the certificates are searched also from will also be checked using the path /tmp/mc_certificate.

...